Yii framework RBAC
In this blog post I will be showing how to create an access control list and use Role Based Access Control in Yii framework.
...
The first thing you need to do is create the database tables; you can use schema.mysql.sql located in the protected/data folder.
After that you need to add a component to your configuration like this:
'components'=>array(
    ....
    'authManager'=>array(
        'class'=>'CDbAuthManager',
        'connectionID'=>'db',
    ),
    ....
),
After that you need to create the operations, tasks and roles. An example:
$auth=Yii::app()->authManager;
// Create all operations; these are basically all the things a user could do.
$auth->createOperation('readArticle','Read an article');
$auth->createOperation('approveArticle','Approve an article');
$auth->createOperation('editArticle','Edit an article');
$auth->createOperation('submitArticle','Submit an article');
$auth->createOperation('deleteArticle','Delete an article');
// Create tasks; these are sets of operations which can have a bizRule, i.e. a condition
// which needs to be matched for the task to apply. In this example a user can only edit his own articles.
$bizRule= 'return Yii::app()->user->id==$params["author_id"];';
$task = $auth->createTask('editOwnArticle','A user can edit his own submitted article',$bizRule);
$task->addChild('editArticle');
$task = $auth->createTask('moderateArticles','Article moderation');
$task->addChild('editArticle');
$task->addChild('approveArticle');
// Finally you have roles; these are the sets you will assign to users and most of the time consist of tasks &
// operations.
$role = $auth->createRole('user');
$role->addChild('editOwnArticle');
$role->addChild('readArticle');
$role->addChild('submitArticle');
$role = $auth->createRole('moderator');
$role->addChild('user');
$role->addChild('moderateArticles');
$role = $auth->createRole('admin');
$role->addChild('moderator');
$role->addChild('deleteArticle');
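To make the hierarchy above concrete, here is an added example (not code from the original post or from the Yii project) that models, without loading the framework, how an access check walks this tree: it starts at the requested operation, evaluates each item's bizRule on the way up, and succeeds at the first ancestor that is assigned to the user. The item and role names are the ones created above; `$userId` stands in for `Yii::app()->user->id` (not available outside an application), the user ids and assignments are constructed, and assignment-level bizRules are left out for brevity.

```php
<?php
// Added example: a stand-alone model of how the hierarchy built above resolves
// an access check. Names match the post; user ids and assignments are constructed.

// Hierarchy: item name => list of its parents (the reverse of addChild()).
$parents = array(
    'readArticle'      => array('user'),
    'submitArticle'    => array('user'),
    'editArticle'      => array('editOwnArticle', 'moderateArticles'),
    'approveArticle'   => array('moderateArticles'),
    'deleteArticle'    => array('admin'),
    'editOwnArticle'   => array('user'),
    'moderateArticles' => array('moderator'),
    'user'             => array('moderator'),
    'moderator'        => array('admin'),
    'admin'            => array(),
);

// bizRules attached to items. Yii 1.x stores these as PHP source and runs them
// with eval(), so they must come only from application code, never from input.
// $userId replaces Yii::app()->user->id here so the rule runs without the framework.
$bizRules = array(
    'editOwnArticle' => 'return $userId == $params["author_id"];',
);

// Role assignments: user id => assigned item names (constructed sample data).
$assignments = array(
    7  => array('user'),
    42 => array('moderator'),
);

// An empty or missing rule is unconditional; otherwise the rule decides.
function executeBizRule($rule, $userId, $params)
{
    if ($rule === null || $rule === '') {
        return true;
    }
    return eval($rule) != false;   // $userId and $params are in scope for the rule
}

// Walk upward from the requested item: the item's own rule must pass, then either
// the item is assigned to the user or one of its parents grants access.
function checkAccess($itemName, $userId, $params, $parents, $bizRules, $assignments)
{
    if (!isset($parents[$itemName])) {
        return false;   // an unknown item never grants access
    }
    $rule = isset($bizRules[$itemName]) ? $bizRules[$itemName] : null;
    if (!executeBizRule($rule, $userId, $params)) {
        return false;   // a failing rule cuts off this whole branch
    }
    $assigned = isset($assignments[$userId]) ? $assignments[$userId] : array();
    if (in_array($itemName, $assigned, true)) {
        return true;
    }
    foreach ($parents[$itemName] as $parent) {
        if (checkAccess($parent, $userId, $params, $parents, $bizRules, $assignments)) {
            return true;
        }
    }
    return false;
}

$own   = array('author_id' => 7);   // an article written by user 7 (constructed)
$other = array('author_id' => 9);   // an article written by someone else (constructed)

var_dump(checkAccess('editArticle',   7,  $own,   $parents, $bizRules, $assignments)); // true: user -> editOwnArticle, rule passes
var_dump(checkAccess('editArticle',   7,  $other, $parents, $bizRules, $assignments)); // false: rule fails, no other path for 'user'
var_dump(checkAccess('editArticle',   42, $other, $parents, $bizRules, $assignments)); // true: moderator -> moderateArticles, no rule needed
var_dump(checkAccess('deleteArticle', 42, $own,   $parents, $bizRules, $assignments)); // false: only 'admin' reaches deleteArticle
```

The second and third calls show why the bizRule sits on the task and not on the operation: the same `editArticle` operation is reachable through two parents, and the rule only restricts the `editOwnArticle` path, so a moderator is never asked whether the article is theirs. It also shows that a failing rule does not deny access by itself; it only removes one path, and the check keeps looking for another assigned ancestor.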
Just so you know, the auth manager does not actually distinguish between roles, tasks and operations internally; they are all auth items, so you cannot have duplicate names across the three.
The distinction between the three exists only to make building an ACL a bit easier.
On the next blog we will talk about assigning users roles and checking if they have access.